Method and Apparatus for Dynamically Providing Privacy-Policy Information to a User

1. A method for providing privacy-policy information to a user to facilitate compliance with privacy laws, the method comprising: using a client computer to perform: receiving, by a client-based application executing on the client computer, a request from the user to access digital content via the client-based application, wherein at a time the request is received, the digital content is stored on the client computer and the user is not yet allowed to access the digital content; sending, by the client-based application, a notification to a server, wherein the notification comprises information about the request; receiving, by the client-based application, a response from the server, wherein the response comprises privacy-policy instructions, wherein the privacy-policy instructions specify conditions for accessing the digital content stored on the client computer, and wherein the privacy-policy instructions indicate whether a privacy warning dialog should be displayed to the user; determining, by the client-based application, whether to display the privacy warning dialog dependent on the privacy-policy instructions; in response to determining that the privacy warning dialog should be displayed, displaying, by the client-based application, the privacy warning dialog; and allowing, by the client-based application, the user to access the digital content stored on the client computer via the client-based application, wherein said allowing is dependent on whether the conditions for accessing the digital content are satisfied.

2. The method of claim 1 , wherein allowing the user to access the digital content further comprises: using the privacy warning dialog to: request permission from the user to perform an audit of the user's actions; and receive a response from the user indicating whether the user has provided permission for the audit; opening the digital content; and in response to the user providing permission for an audit, auditing the user's actions.

3. The method of claim 1 , wherein the conditions for accessing the digital content specify an audit of the user's actions, and wherein allowing the user to access the digital content further comprises: using the privacy warning dialog to: request permission from the user to perform the audit of the user's actions; and receive a response from the user indicating whether the user has provided permission for the audit; in response to the user providing permission for the audit, opening the digital content and auditing the user's actions; and in response to the user not providing permission for the audit, preventing the digital content from being opened.

4. The method of claim 1 , further comprising storing a cache of the privacy-policy instructions on the client, wherein the cache of the privacy-policy instructions is stored within the digital content, or separate from the digital content.

5. The method of claim 4 , wherein if the server is unreachable, the method further involves receiving privacy-policy instructions from the cache of the privacy-policy instructions instead of from the server.

6. The method of claim 1 , wherein the notification includes an identifier for the digital content, and wherein the method further comprises: using the identifier for the digital content at the server to determine content-specific privacy-policy instructions, wherein the content-specific privacy-policy instructions specify content-specific conditions for accessing the digital content; allowing the user to access the digital content at the client, wherein said allowing is dependent on the content-specific conditions for accessing the digital content being satisfied.

7. The method of claim 1 , further comprising: receiving a request from the user, at the server, to modify the privacy-policy instructions; and in response to the request, allowing the user to modify the privacy-policy instructions.

8. The method of claim 7 , wherein the request to modify the privacy-policy instructions is received from a web browser.

9. A non-transitory computer-readable storage device storing instructions that when executed by a client computer cause the computer to perform a method for providing privacy-policy information to a user to facilitate compliance with privacy laws, the method comprising: receiving, by a client-based application executing on the client computer, a request from a user to access digital content via the client-based application, wherein at a time the request is received, the digital content is stored on the client computer and the user is not yet allowed to access the digital content; sending, by the client-based application, a notification to a server, wherein the notification comprises information about the request; receiving, by the client-based application, a response from the server, wherein the response includes privacy-policy instructions, wherein the privacy-policy instructions specify conditions for accessing the digital content stored on the client computer, and wherein the privacy-policy instructions indicate whether a privacy warning dialog should be displayed to the user; determining, by the client-based application, whether to display the privacy warning dialog dependent on the privacy-policy instructions; in response to determining that the privacy warning dialog should be displayed, displaying, by the client-based application, the privacy warning dialog; and allowing, by the client-based application, the user to access the digital content stored on the client computer via the client-based application, wherein said allowing is dependent on whether the conditions for accessing the digital content are satisfied.

10. The non-transitory computer-readable storage device of claim 9 , wherein allowing the user to access the digital content further comprises: using the privacy warning dialog to: request permission from the user to perform an audit of the user's actions; and receive a response from the user indicating whether the user has provided permission for the audit; opening the digital content; and in response to the user providing permission for the audit, auditing the user's actions.

11. The non-transitory computer-readable storage device of claim 9 , wherein the conditions for accessing the digital content specify an audit of the user's actions, and wherein allowing the user to access the digital content further comprises: using the privacy warning dialog to: request permission from the user to perform the audit of the user's actions; and receive a response from the user indicating whether the user has provided permission for the audit; in response to the user providing permission for the audit, opening the digital content and auditing the user's actions; and in response to the user not providing permission for the audit, preventing the digital content from being opened.

12. The non-transitory computer-readable storage device of claim 9 , wherein the method further comprises storing a cache of the privacy-policy instructions on the client, wherein the cache of the privacy-policy instructions is stored within the digital content, or separate from the digital content.

13. The non-transitory computer-readable storage device of claim 12 , wherein if the server is unreachable, the method further involves receiving privacy-policy instructions from the cache of the privacy-policy instructions instead of from the server.

14. The non-transitory computer-readable storage device of claim 9 , wherein the notification includes an identifier for the digital content, and wherein the method further comprises: using the identifier for the digital content at the server to determine content-specific privacy-policy instructions, wherein the content-specific privacy- policy instructions specify content-specific conditions for accessing the digital content; allowing the user to access the digital content at the client, wherein said allowing is dependent on the content-specific conditions for accessing the digital content being satisfied.

15. The non-transitory computer-readable storage device of claim 9 , wherein the method further comprises: receiving a request from the user, at the server, to modify the privacy-policy instructions; and in response to the request, allowing the user to modify the privacy-policy instructions.

16. The non-transitory computer-readable storage device of claim 15 , wherein the request to modify the privacy-policy instructions is received from a web browser.

17. An apparatus that provides privacy-policy information to a user to facilitate compliance with privacy laws, the apparatus comprising: a receiving mechanism of a client-based application executing on a client computer configured to receive a request from the user to access digital content via the client-based application, wherein at a time the request is received, the digital content is stored on the client computer and the user is not yet allowed to access the digital content; a sending mechanism of the client-based application configured to send a notification to a server, wherein the notification comprises information about the request; wherein the receiving mechanism of the client-based application is additionally configured to receive a response from the server, wherein the response comprises privacy-policy instructions, wherein the privacy-policy instructions specify conditions for accessing the digital content stored on the client computer, and wherein the privacy-policy instructions indicate whether a privacy warning dialog should be displayed to the user; and an access mechanism of the client-based application configured to: determine whether to display the privacy warning dialog dependent on the privacy-policy instructions; in response to determining that the privacy warning dialog should be displayed, displaying, by the client-based application, the privacy warning dialog; and allow the user to access the digital content stored on the client computer via the client-based application, wherein said allowing is dependent on whether the conditions for accessing the digital content are satisfied.

18. The apparatus of claim 17 , wherein the access mechanism is further configured to: use the privacy warning dialog to: request permission from the user to perform an audit of the user's actions; and receive a response from the user indicating whether the user has provided permission for the audit; open the digital content; and in response to the user providing permission for the audit, audit the user's actions.

19. The apparatus of claim 17 , wherein the conditions for accessing the digital content specify an audit of the user's actions, and wherein the access mechanism is further configured to: use the privacy warning dialog to: request permission from the user to perform the audit of the user's actions; and receive a response from the user indicating whether the user has provided permission for the audit; in response to the user providing permission for the audit, open the digital content and audit the user's actions; and in response to the user not providing permission for the audit, prevent the digital content from being opened.

20. The apparatus of claim 17 , further comprising a caching mechanism configured to store a cache of the privacy-policy instructions on the client, wherein the cache of the privacy-policy instructions is stored within the digital content, or separate from the digital content.